package com.jihui.user.common;

import com.jihui.security.web.userdetails.JihuiWebSecurityConfigurerAdapter;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;

/**
 * web security config
 *
 * @author linux_china
 */
@Configuration
@EnableWebSecurity
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class UserSecurityConfigurerAdapter extends JihuiWebSecurityConfigurerAdapter {

    private String[] whiteAccountUrls = new String[]{"/helloHtml","/**", "/" , "/test"};
    @Value("${info.account.login.url}")
    private String loginUrl;

//    @Override
//    protected void internalConfigure(HttpSecurity http) throws Exception {
//        http.authorizeRequests()
//                .antMatchers(whiteAccountUrls).permitAll();
//    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and().authorizeRequests()
                .antMatchers(whiteAccountUrls).permitAll()
                .and()
                .rememberMe().key(rememberMeAppKey)
                .and()
                .exceptionHandling().authenticationEntryPoint(myLoginUrlAuthenticationEntryPoint())
                .accessDeniedHandler(restAccessDeniedHandler());
    }

    @Override
    protected void internalConfigure(HttpSecurity http) throws Exception {

    }

    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers(whiteUrls).antMatchers("/password/**");
    }

    @Override
    protected String getRedirect() {
        return null;
    }
}